github-actions-oidc-hardening-audit
Audit GitHub Actions cloud auth workflows for OIDC hardening gaps such as missing id-token write permissions, static cloud secrets, and floating auth action refs.
Install via ClawdBot CLI:
clawdbot install daniellummis/github-actions-oidc-hardening-audit
Grade: Fair, based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Generated Mar 22, 2026
A DevOps team uses this skill to regularly audit GitHub Actions workflows in their repositories to ensure OIDC hardening is properly implemented before deploying to production. It helps them catch missing id-token permissions and static secrets, reducing the risk of credential exposure in cloud environments like AWS, GCP, or Azure.
A financial institution employs this skill during compliance audits to scan their GitHub Actions workflows for security gaps, such as floating action refs or lack of role-to-assume in AWS auth. This ensures adherence to regulatory standards and mitigates identity theft risks in cloud operations.
A startup integrates this skill into their CI/CD pipeline to automatically flag risky auth patterns in new pull requests. By setting FAIL_ON_CRITICAL=1, they prevent deployments with critical vulnerabilities, fostering a secure development lifecycle from the early stages.
An enterprise with multi-cloud strategies uses this skill to audit workflows across multiple teams and projects, identifying common OIDC hardening gaps like static cloud secrets. It supports centralized security monitoring and enforces best practices across AWS, GCP, and Azure integrations.
Maintainers of open source projects run this skill to review contributed workflows for security issues, such as missing permissions or floating refs, ensuring the project's infrastructure remains secure against unauthorized access and secret leaks.
A company offers this skill as part of a SaaS platform for continuous security monitoring of GitHub Actions. Revenue is generated through subscription tiers based on the number of repositories scanned, providing automated audits and compliance reports to clients.
A cybersecurity consultancy integrates this skill into their service offerings to perform one-time or recurring audits for clients. Revenue comes from project-based fees or retainer models, helping organizations harden their CI/CD pipelines and meet security standards.
A developer tools company provides this skill for free with basic features, while premium versions offer advanced analytics, custom integrations, and priority support. Revenue is driven by upgrades and enterprise licenses for larger teams.
💬 Integration Tip
Integrate this skill into your CI/CD pipeline by setting environment variables like OUTPUT_FORMAT=json and FAIL_ON_CRITICAL=1 to automatically block deployments with critical vulnerabilities, ensuring continuous security enforcement.
Scored Apr 19, 2026